EZ TestingSecurity is a feature, not a checkbox.
EZ Testing runs in CI pipelines, touches production-like environments, and stores workflow credentials. We take that responsibility seriously.
Encryption
All data is encrypted at rest with AES-256 and in transit with TLS 1.3. Workflow vault credentials use client-side encryption — keys never leave your device.
Access control
Role-based permissions at workspace, project, and workflow level. SSO via Google and Microsoft on Team plans. Enforce MFA for your entire organization.
Infrastructure
Hosted on AWS in the EU (Frankfurt) and US (Virginia). Network isolation via VPC, WAF, and DDoS protection. We don't run multi-tenant databases.
Secure development
SAST, DAST, and dependency scanning in every CI pipeline. Internal penetration testing quarterly. Third-party pen test annually.
Incident response
24/7 on-call rotation for P1 incidents. We notify affected customers within 72 hours of a confirmed breach, in line with GDPR requirements.
Compliance
SOC 2 Type II audit in progress. GDPR-compliant data processing. Data Processing Agreements available on request.
Responsible disclosure
Found a vulnerability? Email us at security@ez-testing.com. We acknowledge reports within 48 hours and aim to issue a fix within 30 days. We don't pursue legal action against good-faith researchers.
Data Processing Agreement
A DPA is available for Team plan customers who need it for GDPR compliance. Request it from your workspace settings or contact us.